专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08438174B2 Automated forensic document signatures 有权
标题翻译：自动取证文件签名
公开(公告)号：US08438174B2
公开(公告)日：2013-05-07
申请号：US12822722
申请日：2010-06-24
申请人： Thomas Clay Shields , Ophir Frieder , Marcus A. Maloof
发明人： Thomas Clay Shields , Ophir Frieder , Marcus A. Maloof
IPC分类号： G06F17/30
CPC分类号： H04N21/44008 , G06F17/30613 , G06F17/30781 , G06F17/30964 , G06F21/55 , G10L15/26 , H04L63/12 , H04L63/1425
摘要： Methods and systems are provided for a proactive approach for computer forensic investigations. The invention allows organizations anticipating the need for forensic analysis to prepare in advance. Forensic signatures are created including a digital fingerprint and other information associated with a file. In one aspect, informational signatures are created, which may assist in determining what information is included in a file. In another aspect, the digital fingerprint may represent contents of the file and is resistant to minor modification of the file. In another aspect, fingerprints can be compared in parallel on different computers.
摘要翻译：提供方法和系统用于计算机取证调查的主动方法。本发明允许组织预期法医分析的需要提前准备。创建取证签名，包括数字指纹和与文件相关的其他信息。在一个方面，创建信息签名，这可以有助于确定文件中包括哪些信息。在另一方面，数字指纹可以表示文件的内容，并且抵抗文件的轻微修改。另一方面，指纹可以在不同的计算机上并行进行比较。

2. 发明授权

US08312023B2 Automated forensic document signatures 有权
标题翻译：自动取证文件签名
公开(公告)号：US08312023B2
公开(公告)日：2012-11-13
申请号：US12118942
申请日：2008-05-12
申请人： Thomas Clay Shields , Ophir Frieder , Marcus A. Maloof
发明人： Thomas Clay Shields , Ophir Frieder , Marcus A. Maloof
IPC分类号： G06F7/00
CPC分类号： H04N21/44008 , G06F17/30613 , G06F17/30781 , G06F17/30964 , G06F21/55 , G10L15/26 , H04L63/12 , H04L63/1425
摘要： Methods and systems are provided for a proactive approach for computer forensic investigations. The invention allows organizations anticipating the need for forensic analysis to prepare in advance. Digital representations are generated proactively for a specified target. A digital representation is a digest of the content of the target. Digital representations of a collection of targets indexed and organized in a data structure, such as an inverted index. The searching and comparison of digital representations of a collection of targets allows quick and accurate identification of targets having identical or similar content. Computational and storage costs are expended in advance, which allows more efficient computer forensic investigations. The present invention can be applied to numerous applications, such as computer forensic evidence gathering, misuse detection, network intrusion detection, and unauthorized network traffic detection and prevention.
摘要翻译：提供方法和系统用于计算机取证调查的主动方法。本发明允许组织预期法医分析的需要提前准备。为指定的目标主动生成数字表示。数字表示是目标内容的摘要。索引和组织在数据结构中的目标集合的数字表示，例如反向索引。搜索和比较目标集合的数字表示可以快速准确地识别具有相同或相似内容的目标。提前计算和存储成本，这样可以更有效地进行电脑取证调查。本发明可应用于计算机取证证据采集，误用检测，网络入侵检测，未经授权的网络流量检测与预防等众多应用。

3. 发明申请

US20100287196A1 AUTOMATED FORENSIC DOCUMENT SIGNATURES 有权
标题翻译：自动报告文件签名
公开(公告)号：US20100287196A1
公开(公告)日：2010-11-11
申请号：US12822722
申请日：2010-06-24
申请人： Thomas Clay SHIELDS , Ophir Frieder , Marcus A. Maloof
发明人： Thomas Clay SHIELDS , Ophir Frieder , Marcus A. Maloof
IPC分类号： G06F17/30
CPC分类号： H04N21/44008 , G06F17/30613 , G06F17/30781 , G06F17/30964 , G06F21/55 , G10L15/26 , H04L63/12 , H04L63/1425
摘要： Methods and systems are provided for a proactive approach for computer forensic investigations. The invention allows organizations anticipating the need for forensic analysis to prepare in advance. Forensic signatures are created including a digital fingerprint and other information associated with a file. In one aspect, informational signatures are created, which may assist in determining what information is included in a file. In another aspect, the digital fingerprint may represent contents of the file and is resistant to minor modification of the file. In another aspect, fingerprints can be compared in parallel on different computers.
摘要翻译：提供方法和系统用于计算机取证调查的主动方法。本发明允许组织预期法医分析的需要提前准备。创建取证签名，包括数字指纹和与文件相关的其他信息。在一个方面，创建信息签名，这可以有助于确定文件中包括哪些信息。在另一方面，数字指纹可以表示文件的内容，并且抵抗文件的轻微修改。另一方面，指纹可以在不同的计算机上并行进行比较。

4. 发明申请

US20090164517A1 AUTOMATED FORENSIC DOCUMENT SIGNATURES 有权
标题翻译：自动报告文件签名
公开(公告)号：US20090164517A1
公开(公告)日：2009-06-25
申请号：US11963186
申请日：2007-12-21
申请人： Thomas Clay SHIELDS , Ophir Frieder , Marcus A. Maloof
发明人： Thomas Clay SHIELDS , Ophir Frieder , Marcus A. Maloof
IPC分类号： G06F17/30
CPC分类号： H04L63/1425 , G06F21/55
摘要： Methods and systems are provided for a proactive approach for computer forensic investigations. The invention allows organizations anticipating the need for forensic analysis to prepare in advance. Digital signatures are generated proactively for a specified target. The digital signature represents a digest of the content of the target, and can be readily stored. Searching and comparing digital signatures allows quick and accurate identification of targets having identical or similar content. Computational and storage costs are expended in advance, which allow more efficient computer forensic investigations. The present invention can be applied to numerous applications, such as computer forensic evidence gathering, misuse detection, network intrusion detection, and unauthorized network traffic detection and prevention.
摘要翻译：提供方法和系统用于计算机法医调查的主动方法。本发明允许组织预期法医分析的需要提前准备。为指定的目标主动生成数字签名。数字签名表示目标内容的摘要，并且可以容易地存储。搜索和比较数字签名可以快速准确地识别具有相同或相似内容的目标。提前计算和存储成本，这样可以更有效地进行电脑取证调查。本发明可应用于计算机取证证据收集，误用检测，网络入侵检测，未经授权的网络流量检测和预防等众多应用。

5. 发明申请

US20090164427A1 AUTOMATED FORENSIC DOCUMENT SIGNATURES 有权
标题翻译：自动报告文件签名
公开(公告)号：US20090164427A1
公开(公告)日：2009-06-25
申请号：US12118942
申请日：2008-05-12
申请人： Thomas Clay Shields , Ophir Frieder , Marcus A. Maloof
发明人： Thomas Clay Shields , Ophir Frieder , Marcus A. Maloof
IPC分类号： G06F7/06 , G06F17/30
CPC分类号： H04N21/44008 , G06F17/30613 , G06F17/30781 , G06F17/30964 , G06F21/55 , G10L15/26 , H04L63/12 , H04L63/1425
摘要： Methods and systems are provided for a proactive approach for computer forensic investigations. The invention allows organizations anticipating the need for forensic analysis to prepare in advance. Digital representations are generated proactively for a specified target. A digital representation is a digest of the content of the target. Digital representations of a collection of targets indexed and organized in a data structure, such as an inverted index. The searching and comparison of digital representations of a collection of targets allows quick and accurate identification of targets having identical or similar content. Computational and storage costs are expended in advance, which allows more efficient computer forensic investigations. The present invention can be applied to numerous applications, such as computer forensic evidence gathering, misuse detection, network intrusion detection, and unauthorized network traffic detection and prevention.
摘要翻译：提供方法和系统用于计算机取证调查的主动方法。本发明允许组织预期法医分析的需要提前准备。为指定的目标主动生成数字表示。数字表示是目标内容的摘要。索引和组织在数据结构中的目标集合的数字表示，例如反向索引。搜索和比较目标集合的数字表示可以快速准确地识别具有相同或相似内容的目标。提前计算和存储成本，这样可以更有效地进行电脑取证调查。本发明可应用于计算机取证证据收集，误用检测，网络入侵检测，未经授权的网络流量检测与预防等众多应用。

6. 发明授权

US08280905B2 Automated forensic document signatures 有权
标题翻译：自动取证文件签名
公开(公告)号：US08280905B2
公开(公告)日：2012-10-02
申请号：US11963186
申请日：2007-12-21
申请人： Thomas Clay Shields , Ophir Frieder , Marcus A. Maloof
发明人： Thomas Clay Shields , Ophir Frieder , Marcus A. Maloof
IPC分类号： G06F7/00 , G06F17/30
CPC分类号： H04L63/1425 , G06F21/55
摘要： Methods and systems are provided for a proactive approach for computer forensic investigations. The invention allows organizations anticipating the need for forensic analysis to prepare in advance. Digital signatures are generated proactively for a specified target. The digital signature represents a digest of the content of the target, and can be readily stored. Searching and comparing digital signatures allows quick and accurate identification of targets having identical or similar content. Computational and storage costs are expended in advance, which allow more efficient computer forensic investigations. The present invention can be applied to numerous applications, such as computer forensic evidence gathering, misuse detection, network intrusion detection, and unauthorized network traffic detection and prevention.
摘要翻译：提供方法和系统用于计算机取证调查的主动方法。本发明允许组织预期法医分析的需要提前准备。为指定的目标主动生成数字签名。数字签名表示目标内容的摘要，并且可以容易地存储。搜索和比较数字签名可以快速准确地识别具有相同或相似内容的目标。提前计算和存储成本，这样可以进行更有效的计算机取证调查。本发明可应用于计算机取证证据采集，误用检测，网络入侵检测，未经授权的网络流量检测与预防等众多应用。

7. 发明申请

US20080271143A1 Insider threat detection 有权
标题翻译：内部威胁检测
公开(公告)号：US20080271143A1
公开(公告)日：2008-10-30
申请号：US11790225
申请日：2007-04-24
申请人： Gregory D. Stephens , Marcus A. Maloof
发明人： Gregory D. Stephens , Marcus A. Maloof
IPC分类号： G08B23/00
CPC分类号： H04L63/1425 , H04L41/5061 , H04L63/1408 , H04L63/1416
摘要： Methods, systems, and computer program products for insider threat detection are provided. Embodiments detect insiders who act on documents and/or files to which they have access but whose activity is inappropriate or uncharacteristic of them based on their identity, past activity, and/or organizational context. Embodiments work by monitoring the network to detect network activity associated with a set of network protocols; processing the detected activity to generate information-use events; generating contextual information associated with users of the network; and processing the information-use events based on the generated contextual information to generate alerts and threat scores for users of the network. Embodiments provide several information-misuse detectors that are used to examine generated information-use events in view of collected contextual information to detect volumetric anomalies, suspicious and/or evasive behavior. Embodiments provide a user threat ranking system and a user interface to examine user threat scores and analyze user activity.
摘要翻译：提供了内部威胁检测的方法，系统和计算机程序产品。根据身份，过去活动和/或组织环境，实施者会检测对他们有权访问的文档和/或文件采取行动的内部人员，但他们的行为是不适当的或不具体的。实施例通过监视网络来检测与一组网络协议相关联的网络活动; 处理检测到的活动以产生信息使用事件; 生成与网络的用户相关联的上下文信息; 以及基于所生成的上下文信息来处理所述信息使用事件以生成所述网络用户的警报和威胁分数。实施例提供了几种信息滥用检测器，用于根据收集的上下文信息来检查产生的信息使用事件以检测体积异常，可疑和/或回避行为。实施例提供用户威胁评估系统和用户界面来检查用户威胁分数并分析用户活动。

8. 发明授权

US08707431B2 Insider threat detection 有权
标题翻译：内部威胁检测
公开(公告)号：US08707431B2
公开(公告)日：2014-04-22
申请号：US11790225
申请日：2007-04-24
申请人： Gregory D. Stephens , Marcus A. Maloof
发明人： Gregory D. Stephens , Marcus A. Maloof
IPC分类号： G06F12/14 , G08B21/00 , H04L29/06
CPC分类号： H04L63/1425 , H04L41/5061 , H04L63/1408 , H04L63/1416
摘要： Methods, systems, and computer program products for insider threat detection are provided. Embodiments detect insiders who act on documents and/or files to which they have access but whose activity is inappropriate or uncharacteristic of them based on their identity, past activity, and/or organizational context. Embodiments work by monitoring the network to detect network activity associated with a set of network protocols; processing the detected activity to generate information-use events; generating contextual information associated with users of the network; and processing the information-use events based on the generated contextual information to generate alerts and threat scores for users of the network. Embodiments provide several information-misuse detectors that are used to examine generated information-use events in view of collected contextual information to detect volumetric anomalies, suspicious and/or evasive behavior. Embodiments provide a user threat ranking system and a user interface to examine user threat scores and analyze user activity.
摘要翻译：提供了内部威胁检测的方法，系统和计算机程序产品。根据身份，过去活动和/或组织环境，实施者会检测对他们有权访问的文档和/或文件采取行动的内部人员，但他们的行为是不适当的或不具体的。实施例通过监视网络来检测与一组网络协议相关联的网络活动; 处理检测到的活动以产生信息使用事件; 生成与网络的用户相关联的上下文信息; 以及基于所生成的上下文信息来处理所述信息使用事件以生成所述网络用户的警报和威胁分数。实施例提供了几种信息滥用检测器，用于根据收集的上下文信息来检查产生的信息使用事件以检测体积异常，可疑和/或回避行为。实施例提供用户威胁评估系统和用户界面来检查用户威胁分数并分析用户活动。

9. 发明授权

US08037535B2 System and method for detecting malicious executable code 有权
标题翻译：用于检测恶意可执行代码的系统和方法
公开(公告)号：US08037535B2
公开(公告)日：2011-10-11
申请号：US11202186
申请日：2005-08-12
申请人： Marcus A. Maloof
发明人： Marcus A. Maloof
IPC分类号： G06F12/16
CPC分类号： G06F21/562
摘要： A system and method for detecting malicious executable software code. Benign and malicious executables are gathered; and each are encoded as a training example using n-grams of byte codes as features. After selecting the most relevant n-grams for prediction, a plurality of inductive methods, including naive Bayes, decision trees, support vector machines, and boosting, are evaluated.
摘要翻译：一种用于检测恶意可执行软件代码的系统和方法。收集良性和恶意的可执行文件; 并且每个被编码为使用n-gram字节代码作为特征的训练示例。在选择最相关的n-gram进行预测之后，评估了包括天真贝叶斯，决策树，支持向量机和增强在内的多种归纳方法。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式